What a simple yet complicated question. Risk management actually is a management based on individual’s experiences. This is happened because risk management needs analysis from professionals while the inputs are uncertain. So it means that risk management will differ from one person to another. If that is the case, why we still need risk management while we already know that the outputs will be different in terms of its interpretation and implementation? That is because we still need to minimize any potential which may be occurred during project. Here we of course consider that the risk management which is made by professional will become a good one, and not a bad risk management.
And now, how to do a good risk management? As I said before, risk management actually is based on someone’s experiences. Here it does not mean that on doing a particular project, they must have the experience of exactly same project because no projects are exactly the same. If there is a project which no one have been experienced before, then at least we must choose professionals with the almost similar experiences to do risk management. From their experiences, then they could do some imaginations or draw some predictions about the will-be project. This imaginations or predictions will then be materialized in responses. From these responses, then they could make estimation about the risk probability (high/middle/low) and significance (heavy/medium/minor). After they conclude this into a risk diagrams and reports, then we must ensure steps and provisions of risk implementation in our project.
The process of risk management can be divided into 3 steps:
- Risk Identification: to determine which activities are considered as risk based on their probability
- Risk Analysis: to know how far their implications to the project (not only as individual implication but also collective implication)
- Risk Outputs: how to manage these implications (by minimize them and allocate appropriate contingencies (time, money and quality)
The last thing we should consider in doing risk management is doing risk reduction. How to do this? By obtaining additional information, performing additional simulations or tests, allocating additional resources, and improving communication and managing organization.
Hopefully from this short explanation, we can get a whole picture in how to do risk management.